Privacy Policy

Privacy Policy - QRPlaza.space

Effective Date: July 15, 2024

This policy explains how we collect, use, and protect personal data in our QR code menu and ordering system for restaurants.

1. Data Controller

Hantropos S.r.l.
VAT Number: 03123470969
Data Protection Officer: privacy@qrplaza.space

2. GDPR Compliance Framework

  • Article 6 Basis: Contractual necessity (order processing), Legitimate Interest (analytics), Consent (marketing)
  • Articles 15-22: Full support for access, rectification, erasure, restriction, and portability rights
  • Article 30: Detailed records of processing activities maintained

3. Data Collected

3.1 From Restaurant Customers:

  • Menu interaction analytics (time spent, items viewed)
  • Order history with timestamps
  • Dietary preferences/allergies (voluntary)
  • Device metadata (for QR code scanning)

3.2 From Restaurant Owners:

  • Business registration documents
  • Menu content and pricing
  • Staff access credentials
  • Payment reconciliation data

4. Processing Purposes

  • Order Fulfillment:
    • Real-time order tracking
    • Kitchen display system integration
    • Delivery coordination
  • Menu Optimization:
    • Heatmaps of popular items
    • Allergy filter performance
    • Price adjustment analytics

5. Data Sharing

  • Restaurant Partners:
    • Order details for preparation
    • Customer special requests
    • Table/device identifiers
  • Payment Processors: PCI-DSS compliant providers only
  • Analytics Services: Google Analytics 4 (IP anonymization enabled)

6. Security Measures

  • AES-256 encryption for data at rest
  • TLS 1.3 for data in transit
  • Annual penetration testing
  • Role-based access controls
  • GDPR-compliant subprocessors

7. User Rights

  • Access: Export full order history as CSV
  • Rectification: Update dietary preferences via profile
  • Erasure: Full account deletion within 72h
  • Objection: Opt-out of behavioral tracking

8. Data Retention

  • Active users: Until deletion request
  • Financial records: 7 years
  • Menu analytics: 3 years (aggregated)
  • Backups: 35 days rolling

9. International Transfers

  • EU-US Data Privacy Framework certified
  • SCCs with all third-country vendors
  • Data localization option for EU restaurants

Contact & Updates

To exercise GDPR rights:
Email: privacy@qrplaza.space
Postal: Via Inganni 34, 20147 Milan, Italy

Policy Changes: Will notify users 30 days before implementation via:

  • In-app banners
  • Registered email
  • Restaurant dashboard alerts

Version History: 1.2 (2024-07-15) | 1.1 (2024-01-15) | 1.0 (2023-06-01)

© 2025 QRPlaza.space - Hantropos S.r.l.

Cookies

This website uses cookies to ensure you get the best experience on our website. Cookie Policy

Accept